<?php
	require_once 'connection.php';
	require_once 'Product.php';require_once 'Customer.php';
	class Users{
	/*System*/
		// đường dẫn trực tiếp
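		/**
		 * Redirect the browser to $page inside the directory of the running script, then stop.
		 *
		 * Security notes:
		 *  - HTTP_HOST is supplied by the client, so a forged value would be copied into the
		 *    Location header. It is used only when it looks like a plain hostname[:port];
		 *    otherwise SERVER_NAME is used. NOTE(review): pinning the site host in
		 *    configuration is safer still, since SERVER_NAME can also follow the request
		 *    on some server setups.
		 *  - SCRIPT_NAME is used for the directory because PHP_SELF also carries any
		 *    client-supplied path info that follows the script name.
		 *  - CR/LF are removed from $page so a crafted value cannot break the header line.
		 *  - The scheme follows the current request so an HTTPS page is not sent to plain HTTP.
		 *
		 * @param string $page Target file name, relative to the current script's directory.
		 */
		static function redirectTo($page){
			$host=isset($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:'';
			if(!preg_match('/^[A-Za-z0-9.\-]+(:[0-9]{1,5})?$/',$host)){
				$host=$_SERVER['SERVER_NAME'];
			}
			$scheme=(!empty($_SERVER['HTTPS'])&&strtolower($_SERVER['HTTPS'])!=='off')?'https':'http';
			// dirname("/admin/x.php") is "/admin"; trimming both ends avoids "//" in the URL.
			$dir=trim(dirname($_SERVER['SCRIPT_NAME']),'/\\');
			$page=str_replace(array("\r","\n"),'',$page);
			$path=($dir===''?'':$dir.'/').$page;
			header("Location: $scheme://$host/$path");
			exit();
		}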
		//ma hoa matKhau
		/**
		 * Derive the stored form of a password: crypt() with the SALT_MD5 constant, then md5().
		 *
		 * NOTE(review): the same salt is used for every account and md5() is a fast digest,
		 * so a leaked user table can be guessed offline cheaply. password_hash() /
		 * password_verify() are the usual replacement, but existing rows would have to be
		 * re-hashed at next login, so the scheme itself is not changed here.
		 * SALT_MD5 is not defined in this file - presumably it comes from connection.php; confirm.
		 *
		 * @param string $password Plain-text password.
		 * @return string Hexadecimal md5 digest of the crypt() output.
		 */
		static function encryptpassword($password){
			return md5(crypt($password,SALT_MD5));
		}
		/*Thong ke*/
		//Top 5 đơn đặt hàng
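		/**
		 * Print an HTML table with the five newest orders whose or_status is 'pending'.
		 *
		 * Every database value is HTML-escaped before it is printed: the name columns hold
		 * text that (presumably) customers typed in, and this table is rendered inside the
		 * admin area, so unescaped markup would run in an administrator's session.
		 * The table markup is also corrected (<thead> instead of <thread>, one <tbody>).
		 *
		 * NOTE(review): on query failure die() prints the raw MySQL error to the browser.
		 */
		static function orders_top5(){
			$query="SELECT * FROM tbl_orders, tbl_customer
				WHERE tbl_orders.customerID=tbl_customer.customerID
				AND or_status='pending' ORDER BY ordersID DESC LIMIT 5";
			$result=mysql_query($query) or die("orders".mysql_error());
			print('<table id="hor-zebra">
			<thead><tr>
				<th>Order ID</th>
				<th>Name customer</th>
				<th>Total Price</th>
				<th>Date Add</th>
				<th>Status</th>
				<th>Action</th>
			</tr></thead>
			<tbody>');
			$rowIndex=0;
			while($row=mysql_fetch_array($result)){
				$orderID=htmlspecialchars($row['ordersID'],ENT_QUOTES,'UTF-8');
				$customer=htmlspecialchars($row['f_name'].' '.$row['l_name'],ENT_QUOTES,'UTF-8');
				$status=htmlspecialchars($row['or_status'],ENT_QUOTES,'UTF-8');
				// Timestamps are shifted by +7h before formatting (GMT+7 display).
				$added=gmdate("d/m/Y H:i A",$row['or_dateAdd']+7*3600);
				// Alternate the row class for zebra striping.
				$rowClass=($rowIndex%2==0)?'tr-1':'tr-2';
				print('<tr class="'.$rowClass.'">
							<td>'.$orderID.'</td>
							<td>'.$customer.'</td>
							<td>'.number_format($row['totalPrice'],3).' VND</td>
							<td>'.$added.'</td>
							<td>'.$status.'</td>
							<td><a href="update_orders.php?ordersID='.rawurlencode($row['ordersID']).'">View</a></td>
							</tr>');
				$rowIndex+=1;
			}
			print('</tbody></table>');
		}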
		//top 5 yêu cầu nạp thẻ
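		/**
		 * Print an HTML table with the five newest top-up requests whose status is 'pendding'
		 * (the spelling is the value the query filters on).
		 *
		 * Every database value is HTML-escaped before it is printed, because the name
		 * columns hold text that (presumably) customers supplied and the table is shown
		 * to administrators. The table markup is also corrected (<thead>, one <tbody>).
		 *
		 * NOTE(review): on query failure die() prints the raw MySQL error to the browser.
		 */
		static function listRequest_top5(){
			$query="SELECT *,rq.status,rq.money FROM tbl_request rq, tbl_customer cu
				WHERE cu.customerID=rq.customerID AND rq.status='pendding' ORDER BY requestID DESC LIMIT 5";
			$result=mysql_query($query) or die("orders".mysql_error());
			print('<table id="hor-zebra">
			<thead><tr>
				<th>Name customer</th>
				<th>Money</th>
				<th>Time</th>
				<th>Status</th>
				<th>Edit</th>
			</tr></thead>
			<tbody>');
			$rowIndex=0;
			while($row=mysql_fetch_array($result)){
				$customer=htmlspecialchars($row['f_name'].' '.$row['l_name'],ENT_QUOTES,'UTF-8');
				$status=htmlspecialchars($row['status'],ENT_QUOTES,'UTF-8');
				// Timestamps are shifted by +7h before formatting (GMT+7 display).
				$when=gmdate("d/m/Y H:i A",$row['time']+7*3600);
				$rowClass=($rowIndex%2==0)?'tr-1':'tr-2';
				print('<tr class="'.$rowClass.'">
							<td>'.$customer.'</td>
							<td>'.number_format($row['money'],3,".",".").' VND</td>
							<td>'.$when.'</td>
							<td>'.$status.'</td>
							<td><a href="update_request.php?requestID='.rawurlencode($row['requestID']).'">Update</a></td>
							</tr>');
				$rowIndex+=1;
			}
			print('</tbody></table>');
		}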
		
		/**/
		
		
		
		
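		/**
		 * Fetch one row of tbl_user by userID.
		 *
		 * $userID is escaped before it is placed in the quoted SQL literal; without that a
		 * quote character in the value would let the caller rewrite the WHERE clause.
		 *
		 * @param mixed $userID User identifier.
		 * @return array|false The row from mysql_fetch_array(), or false when nothing matches.
		 */
		static function getUserInfo($userID){
			$userID=mysql_real_escape_string($userID);
			$query="SELECT * FROM tbl_user WHERE userID='$userID'";
			$result=mysql_query($query) or die("getUserInfo".mysql_error());
			return mysql_fetch_array($result);
		}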
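		/**
		 * Overwrite the password column of one tbl_user row.
		 *
		 * Both values are escaped before they are placed in quoted SQL literals; $userID
		 * in particular decides which account is changed, so it must not be able to
		 * alter the WHERE clause.
		 *
		 * NOTE(review): the value is stored exactly as passed (after trim). Presumably the
		 * caller passes the output of encryptpassword(); confirm, otherwise plain-text
		 * passwords end up in the table.
		 *
		 * @param mixed  $userID      Account to change.
		 * @param string $passwordNew Value to store in the password column.
		 * @return mixed Result of mysql_query().
		 */
		static function resetPassword($userID,$passwordNew){
			$userID=mysql_real_escape_string($userID);
			$passwordNew=mysql_real_escape_string(trim($passwordNew));
			$query="UPDATE tbl_user SET password='$passwordNew' WHERE userID='$userID'";
			$result=mysql_query($query) or die("updateUsers".mysql_error());
			return $result;
		}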

		//thêm menu mới
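		/**
		 * Insert a new entry into tbl_menu_admin.
		 *
		 * mysql_real_escape_string() only protects a value that sits inside quotes, so the
		 * five flag/number fields are now quoted in the statement, the same way
		 * updateMenuAdmin() writes them. The statement is no longer echoed to the page:
		 * that debug output exposed table and column names and the submitted values.
		 *
		 * @return mixed Result of mysql_query().
		 */
		static function addMenuAdmin($menuName,$link,$newPageMenu,$isParent,$parentID,$orderby,$isPublished){
			$menuName=mysql_real_escape_string(trim($menuName));
			$link=mysql_real_escape_string(trim($link));
			$newPageMenu=mysql_real_escape_string(trim($newPageMenu));
			$isParent=mysql_real_escape_string(trim($isParent));
			$parentID=mysql_real_escape_string(trim($parentID));
			$orderby=mysql_real_escape_string(trim($orderby));
			$isPublished=mysql_real_escape_string(trim($isPublished));
			$query="INSERT INTO tbl_menu_admin (menuName,link,newPageMenu,isParent,parentID,orderby,isPublished) VALUES('$menuName','$link','$newPageMenu','$isParent','$parentID','$orderby','$isPublished')";
			$result=mysql_query($query) or die("addMenuAdmin: ".mysql_error());
			return $result;
		}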
		
		//cập nhật menu admin
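		/**
		 * Update one tbl_menu_admin row identified by menuID.
		 *
		 * All values are trimmed, escaped and written as quoted literals. The statement is
		 * no longer echoed to the page: that debug output exposed table and column names
		 * and the submitted values to whoever loaded the form.
		 *
		 * @return mixed Result of mysql_query().
		 */
		static function updateMenuAdmin($menuID,$menuName,$link,$newPageMenu,$isParent,$parentID,$orderby,$isPublished){
			$menuID=mysql_real_escape_string(trim($menuID));
			$menuName=mysql_real_escape_string(trim($menuName));
			$link=mysql_real_escape_string(trim($link));
			$newPageMenu=mysql_real_escape_string(trim($newPageMenu));
			$isParent=mysql_real_escape_string(trim($isParent));
			$parentID=mysql_real_escape_string(trim($parentID));
			$orderby=mysql_real_escape_string(trim($orderby));
			$isPublished=mysql_real_escape_string(trim($isPublished));

			$query="UPDATE tbl_menu_admin SET menuName='$menuName',link='$link',newPageMenu='$newPageMenu',isParent='$isParent',parentID='$parentID',orderby='$orderby',isPublished='$isPublished' WHERE menuID='$menuID'";
			$result=mysql_query($query) or die("updateMenuAdmin: ".mysql_error());
			return $result;
		}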
		//Xoa menu Admin
		/**
		 * Delete the tbl_menu_admin row with the given menuID.
		 *
		 * The id is trimmed and escaped before it is placed in the quoted literal.
		 * NOTE(review): rows whose parentID points at the deleted entry are not touched here.
		 *
		 * @param mixed $menuID Menu entry to remove.
		 * @return mixed Result of mysql_query().
		 */
		static function delMenuAdmin($menuID){
			$menuID=mysql_real_escape_string(trim($menuID));
			$deleted=mysql_query("DELETE FROM tbl_menu_admin WHERE menuID='$menuID'") or die("delMenuAdmin: ".mysql_error());
			return $deleted;
		}
		//lấy thông tin menu
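		/**
		 * Fetch one row of tbl_menu_admin by menuID.
		 *
		 * $menuID is escaped before it is placed in the quoted SQL literal so that a quote
		 * character in the value cannot change the statement.
		 *
		 * @param mixed $menuID Menu entry identifier.
		 * @return array|false The row from mysql_fetch_array(), or false when nothing matches.
		 */
		static function getMenuInfo($menuID){
			$menuID=mysql_real_escape_string($menuID);
			$query="SELECT * FROM tbl_menu_admin WHERE menuID='$menuID'";
			$result=mysql_query($query) or die("getMenuInfo".mysql_error());
			return mysql_fetch_array($result);
		}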
		//Danh sách menu top
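		/**
		 * Print the admin menu as an HTML table: each parent entry followed by its children.
		 *
		 * Changes against the earlier version:
		 *  - ORDER BY 'orderby' sorted by a constant string, i.e. not at all; the column
		 *    name is now unquoted so rows come back in their configured order.
		 *  - every value printed into the page is HTML-escaped, and the parent id is
		 *    escaped before it is placed in the child query.
		 *  - the table markup is closed properly and child rows are no longer wrapped in
		 *    an extra <tr>.
		 *
		 * NOTE(review): Delete is a plain GET link. Whether delete_menuAdmin.php requires
		 * a CSRF token or a confirmation step is not visible from this file.
		 */
		static function listMenuAdmin(){
			$query="SELECT * FROM tbl_menu_admin WHERE isParent='1' ORDER BY orderby ASC";
			$result=mysql_query($query) or die ("listMenu: ".mysql_error());
			print('
				<table id="hor-zebra"><thead><tr>
					<th>ID</th>
					<th>Name</th>
					<th>Link</th>
					<th>NewPageMenu</th>
					<th>Thứ tự</th>
					<th>Hiển thị</th>
					<th colspan="2">Edit</th>
				</tr></thead><tbody>');
			while($row=mysql_fetch_array($result)){
				print(self::menuAdminRowHtml($row,'menucha',true));
				$parentID=mysql_real_escape_string($row['menuID']);
				$query_child="SELECT * FROM tbl_menu_admin WHERE isParent='0' and parentID='$parentID' ORDER BY orderby ASC";
				$resultch=mysql_query($query_child) or die ("showListMenu: ".mysql_error());
				while($ch=mysql_fetch_assoc($resultch)){
					print(self::menuAdminRowHtml($ch,'menucon',false));
				}
			}
			print('</tbody></table>');
		}

		/**
		 * Build one escaped <tr> for listMenuAdmin().
		 *
		 * @param array  $item   Row of tbl_menu_admin.
		 * @param string $rowId  Value for the row's id attribute ('menucha' or 'menucon').
		 * @param bool   $showID Whether the first cell shows the menuID (parents) or stays empty.
		 * @return string HTML for the row.
		 */
		private static function menuAdminRowHtml($item,$rowId,$showID){
			$idCell=$showID?htmlspecialchars($item['menuID'],ENT_QUOTES,'UTF-8'):'';
			$published=($item['isPublished']==1)?'Yes':'No';
			$idParam=rawurlencode($item['menuID']);
			return '<tr id="'.$rowId.'">
				<td>'.$idCell.'</td>
				<td>'.htmlspecialchars($item['menuName'],ENT_QUOTES,'UTF-8').'</td>
				<td>'.htmlspecialchars($item['link'],ENT_QUOTES,'UTF-8').'</td>
				<td>'.htmlspecialchars($item['newPageMenu'],ENT_QUOTES,'UTF-8').'</td>
				<td>'.htmlspecialchars($item['orderby'],ENT_QUOTES,'UTF-8').'</td>
				<td>'.$published.'</td>
				<td><a href="../admin/update_menuAdmin.php?menuID='.$idParam.'">Update</a></td>
				<td><a href="../admin/delete_menuAdmin.php?menuID='.$idParam.'">Delete</a></td></tr>';
		}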

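		/**
		 * Print the published admin menu as a nested <ul> (parents with their children).
		 *
		 * Changes against the earlier version:
		 *  - the parent query ordered by the string 'orderby' (a constant), so the order
		 *    was undefined; it now orders by the column, as the child query already did.
		 *  - link and menuName are HTML-escaped before they are printed, and the parent
		 *    id is escaped before it is placed in the child query.
		 *  - each parent <li> is closed inside the loop instead of once at the end.
		 */
		static function showListMenu(){
			$query="SELECT menuID,menuName,link,newPageMenu FROM tbl_menu_admin WHERE isPublished='1' and isParent='1' ORDER BY orderby ASC";
			$result=mysql_query($query) or die ("showListMenu: ".mysql_error());
			print ('<div id="menu-top">
			<div id="warp-menu">
			<ul class="dropmenu">');
			while($pr=mysql_fetch_assoc($result)){
				print('
			<li class="li-lv1"><a href="../admin/'.htmlspecialchars($pr['link'],ENT_QUOTES,'UTF-8').'.php">'.htmlspecialchars($pr['menuName'],ENT_QUOTES,'UTF-8').'</a>');
				$parentID=mysql_real_escape_string($pr['menuID']);
				$query_child="SELECT menuID,menuName,link,newPageMenu FROM tbl_menu_admin WHERE isPublished='1' and isParent='0' and parentID='$parentID' ORDER BY orderby ASC";
				$resultch=mysql_query($query_child) or die ("showListMenu: ".mysql_error());
				if(mysql_num_rows($resultch)!=0){
					print ('<ul class="ul-lv1"><div class="wrap-li-lv2">');
					while($ch=mysql_fetch_assoc($resultch)){
						print('<li class="li-lv2"><a href="../admin/'.htmlspecialchars($ch['link'],ENT_QUOTES,'UTF-8').'.php">'.htmlspecialchars($ch['menuName'],ENT_QUOTES,'UTF-8').'</a></li>');
					}
					print('</div></ul>');
				}
				print('</li>');
			}
			print('</ul>

			</div></div>');
		}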
	
	/*admin*/
		//kiểm tra thông tin login
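		/**
		 * Look up the tbl_user row matching an e-mail / password pair.
		 *
		 * Both values are escaped before they are placed in quoted SQL literals. This is
		 * the login check, so a quote character reaching the statement unescaped would
		 * let a caller change the WHERE clause and match a row without knowing the password.
		 *
		 * NOTE(review): the password is compared exactly as passed; presumably the caller
		 * supplies the output of encryptpassword() - confirm. On query failure die()
		 * prints the raw MySQL error to the browser.
		 *
		 * @param string $email    Login e-mail.
		 * @param string $password Value to compare with the password column.
		 * @return array|false Matching row, or false when the pair does not match.
		 */
		static function checkUserLogin($email,$password){
			$email=mysql_real_escape_string($email);
			$password=mysql_real_escape_string($password);
			$query="SELECT * FROM tbl_user WHERE email='$email' and password='$password'";
			$result=mysql_query($query) or die ("checkUserLogin: ".mysql_error());
			return mysql_fetch_array($result);
		}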
		//kiem tra email
		/**
		 * Tell whether an e-mail address is still unused in tbl_user.
		 *
		 * The address is trimmed and escaped before it is placed in the quoted literal.
		 *
		 * @param string $email Address to look up.
		 * @return bool true when no row has this e-mail, false when at least one does.
		 */
		static function checkEmailAdmin($email){
			$email=mysql_real_escape_string(trim($email));
			$result=mysql_query("SELECT *FROM tbl_user WHERE email='$email'") or die("checkEmail:".mysql_error());
			return mysql_num_rows($result)==0;
		}

		//kiểm tra thông tin login admin
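		/**
		 * Look up the tbl_user row matching an e-mail / password pair (admin login).
		 *
		 * Both values are escaped before they are placed in quoted SQL literals. This is
		 * the admin login check, so a quote character reaching the statement unescaped
		 * would let a caller change the WHERE clause and match a row without the password.
		 *
		 * NOTE(review): the query is the same as checkUserLogin() and does not test any
		 * role or status column, so nothing here distinguishes an admin account - confirm
		 * that the caller does. The password is compared exactly as passed; presumably it
		 * is the output of encryptpassword().
		 *
		 * @param string $email    Login e-mail.
		 * @param string $password Value to compare with the password column.
		 * @return array|false Matching row, or false when the pair does not match.
		 */
		static function checkUserLoginAdmin($email,$password){
			$email=mysql_real_escape_string($email);
			$password=mysql_real_escape_string($password);
			$query="SELECT * FROM tbl_user WHERE email='$email' and password='$password'";
			$result=mysql_query($query) or die ("checkUserLoginAdmin: ".mysql_error());
			return mysql_fetch_array($result);
		}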
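				/**
				 * Print an HTML table of all tbl_user rows (id and e-mail).
				 *
				 * Both columns are HTML-escaped before they are printed, and the header uses
				 * <thead> instead of the unknown element <thread>.
				 *
				 * NOTE(review): the "Change password" link carries no user id, so which account
				 * reset_passwordAdmin.php changes is decided elsewhere - not visible here.
				 */
				static function listUserAdmin()
				{
					$query="SELECT * FROM tbl_user";
					$result=mysql_query($query) or die ("listUser: ".mysql_error());
					print ('<table id="hor-zebra">
			<thead><tr>
				<th>ID</th>
				<th>Email</th>
				<th colspan="3">Action</th>
			</tr></thead>
			');
					while($row=mysql_fetch_array($result)){
						print('<tbody><tr>
							<td>'.htmlspecialchars($row['userID'],ENT_QUOTES,'UTF-8').'</td>
							<td>'.htmlspecialchars($row['email'],ENT_QUOTES,'UTF-8').'</td>
							<td><a href="reset_passwordAdmin.php">Change password</a></td></tr></tbody>');
					}
					print('</table>');
				}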

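		/**
		 * Fetch one row of tbl_customer by customerID.
		 *
		 * $customerID is escaped before it is placed in the quoted SQL literal so that a
		 * quote character in the value cannot change the statement.
		 *
		 * @param mixed $customerID Customer identifier.
		 * @return array|false The row from mysql_fetch_array(), or false when nothing matches.
		 */
		static function getCustomerInfo($customerID){
			$customerID=mysql_real_escape_string($customerID);
			$query="SELECT * FROM tbl_customer WHERE customerID='$customerID'";
			$result=mysql_query($query) or die("getCustomertInfo".mysql_error());
			return mysql_fetch_array($result);
		}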
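		/**
		 * Fetch one row of tbl_customer by customerID (same query as getCustomerInfo(),
		 * with a different label in the failure message).
		 *
		 * $customerID is escaped before it is placed in the quoted SQL literal so that a
		 * quote character in the value cannot change the statement.
		 *
		 * @param mixed $customerID Customer identifier.
		 * @return array|false The row from mysql_fetch_array(), or false when nothing matches.
		 */
		static function getInfo($customerID){
			$customerID=mysql_real_escape_string($customerID);
			$query="SELECT * FROM tbl_customer WHERE customerID='$customerID'";
			$result=mysql_query($query) or die("getInfo".mysql_error());
			return mysql_fetch_array($result);
		}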
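		/**
		 * Print an HTML table of all customers (name, e-mail, status) with an Update link.
		 *
		 * Name and e-mail are text that (presumably) customers entered themselves, and the
		 * table is rendered for administrators, so every value is HTML-escaped before it
		 * is printed. The header element is now a properly closed <thead>.
		 */
		static function listUserCustomer(){
			$query="SELECT * FROM tbl_customer";
			$result=mysql_query($query) or die("listUserCustomer: ".mysql_error());
			print('<table id="hor-zebra">
			<thead><tr><th>Full Name</th><th>Email</th><th>Key</th><th colspan="2">Edit</th>
			</tr></thead>
			');
			while($row=mysql_fetch_array($result)){
				$fullName=htmlspecialchars($row['f_name'].' '.$row['l_name'],ENT_QUOTES,'UTF-8');
				$email=htmlspecialchars($row['email'],ENT_QUOTES,'UTF-8');
				$status=htmlspecialchars($row['status'],ENT_QUOTES,'UTF-8');
				print('<tbody>
					<tr>
						<td>'.$fullName.'</td>
						<td>'.$email.'</td>
						<td>'.$status.'</td>
						<td><a href="../admin/update_customer.php?customerID='.rawurlencode($row['customerID']).'">Update</a></td>
					</tr>
				</tbody>');
			}
			print('</table>');
		}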
		//them 1 user moi
		/**
		 * Insert a new row into tbl_user_group with status "active".
		 *
		 * All text fields are trimmed and escaped; the password column receives the
		 * output of User::encryptMatKhau().
		 *
		 * NOTE(review): neither a class User nor a method encryptMatKhau is defined in
		 * this file (this class is Users and its hashing method is encryptpassword), and
		 * every other user function here works on tbl_user, not tbl_user_group. Confirm
		 * both targets before relying on this method.
		 * NOTE(review): the password is SQL-escaped before it is hashed, so a password
		 * containing quotes or backslashes is hashed in its escaped form; a login check
		 * has to apply the same steps to match.
		 *
		 * @return mixed Result of mysql_query().
		 */
		static function addUser($email,$password,$firstName,$lastName,$phone){
			$status="active";
			$email=mysql_real_escape_string(trim($email));
			$firstName=mysql_real_escape_string(trim($firstName));
			$lastName=mysql_real_escape_string(trim($lastName));
			$phone=mysql_real_escape_string(trim($phone));
			// The hash is computed over the trimmed, escaped password.
			$crypt_password=User::encryptMatKhau(mysql_real_escape_string(trim($password)));
			$query="INSERT INTO tbl_user_group(email,password,firstName,lastName,phone,status)
			VALUES('$email','$crypt_password','$firstName','$lastName','$phone','$status')";
			$inserted=mysql_query($query) or die("addNewUser".mysql_error());
			return $inserted;
		}
		//cập nhật user
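		/**
		 * Update the profile fields of one tbl_user row.
		 *
		 * The WHERE clause previously interpolated $userID, a variable that does not exist
		 * in this method, so the statement compared userID with an empty string and the
		 * intended row was never updated. It now uses the $id parameter, escaped like the
		 * other values.
		 *
		 * @param mixed $id User identifier of the row to change.
		 * @return mixed Result of mysql_query().
		 */
		static function updateUser($id,$email,$firstName,$lastName,$phone,$status){
			$id=mysql_real_escape_string(trim($id));
			$email=mysql_real_escape_string(trim($email));
			$firstName=mysql_real_escape_string(trim($firstName));
			$lastName=mysql_real_escape_string(trim($lastName));
			$phone=mysql_real_escape_string(trim($phone));
			$status=mysql_real_escape_string(trim($status));
			$query="UPDATE tbl_user SET email='$email',firstName='$firstName',lastName='$lastName',phone='$phone',status='$status' WHERE userID='$id'";
			$results=mysql_query($query) or die("updateUser: ".mysql_error());
			return $results;
		}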
		/**
		 * Set the status column of one tbl_customer row.
		 *
		 * Both values are trimmed and escaped before they are placed in quoted literals.
		 * NOTE(review): any status string is accepted; the set of valid values is not
		 * visible in this file.
		 *
		 * @param mixed  $customerID Customer to change.
		 * @param string $status     New status value.
		 * @return mixed Result of mysql_query().
		 */
		static function updateCustomerStatus($customerID,$status){
			$status=mysql_real_escape_string(trim($status));
			$customerID=mysql_real_escape_string(trim($customerID));
			$updated=mysql_query("UPDATE tbl_customer SET status='$status' WHERE customerID='$customerID'") or die("updateCustomerStatus: ".mysql_error());
			return $updated;
		}
		//Xoa tai khoan
		/**
		 * Delete the tbl_user row with the given userID.
		 *
		 * The id is trimmed and escaped before it is placed in the quoted literal.
		 *
		 * @param mixed $userID Account to remove.
		 * @return mixed Result of mysql_query().
		 */
		static function delUser($userID){
			$userID=mysql_real_escape_string(trim($userID));
			$deleted=mysql_query("DELETE FROM tbl_user WHERE userID='$userID'") or die("delUser: ".mysql_error());
			return $deleted;
		}
		/*product*/
			/*Brand*/
		//lấy thông tin brand
		/*static function getBrandInfo($brandID){
			$query="SELECT * FROM tbl_brand WHERE brandID='$brandID'";
			$result=mysql_query($query) or die("getBrandInfo".mysql_error());
			$row=mysql_fetch_array($result);
			return $row;
		}	
		static function listBrand(){
			$query= "SELECT * FROM tbl_brand";
			$result =mysql_query($query) or die ("listBrand: ".mysql_error());
			print ('<table id="hor-zebra">
			<thread><tr>
				<th>ID</th>
				<th>Brand</th>
				<th colspan="3">Action</th>
			</tr></thread>
			');
			while($row=mysql_fetch_array($result)){
				print('<tbody><tr>
							<td>'.$row['brandID'].'</td>
							<td>'.$row['brandName'].'</td>
							<td><a href="../admin/update_brand.php?brandID='.$row['brandID'].'">Update</a></td>
							<td><a type="submit" href="../admin/del_brand.php?brandID='.$row['brandID'].'" >Delete</a></td>
							<td><a href="#">Close</a></td></tr>');}
			print('</tbody></table>');
		}	
		//select brand
		static function selectBrand(){
			$query= "SELECT * FROM tbl_brand";
			$result =mysql_query($query) or die ("selectBrand: ".mysql_error());
			print('<select name="brandID" class="select_info">');
			while($row=mysql_fetch_array($result)){
				print('<option value="'.$row['brandID'].'">'.$row['brandName'].'</option>');
			}
			print('</select>');
		}
		//them Brand mới
		static function addBrand($brandName){
			$brandName=mysql_real_escape_string(trim($brandName));
			$status=1;
			$query="INSERT INTO tbl_brand(brandName,status)
			VALUES('$brandName',$status)";
			$result=mysql_query($query) or die("addNewUser".mysql_error());
			return $result;
		}
		//cập nhật brand
		static function updateBrand($brandID,$brandName,$status){
			$brandID=mysql_real_escape_string(trim($brandID));
			$brandName=mysql_real_escape_string(trim($brandName));
			$status=mysql_real_escape_string(trim($status));
			$query="UPDATE tbl_brand SET brandName='$brandName',status='$status' WHERE brandID='$brandID'";
			$result=mysql_query($query) or die("updateBrand: ".mysql_error());
			return $result;
		}
		//Xoa Brand
		static function delBrand($brandID){
			$brandID=mysql_real_escape_string(trim($brandID));;
			$query ="DELETE FROM tbl_brand WHERE brandID='$brandID'";
			$result=mysql_query($query) or die("delBrand: ".mysql_error());
			return $result;
		}
			/*Model*/
				//lấy thông tin model
		/*static function getModelInfo($modelID){
			$query="SELECT * FROM tbl_model WHERE modelID='$modelID'";
			$result=mysql_query($query) or die("getModelInfo".mysql_error());
			$row=mysql_fetch_array($result);
			return $row;
		}	
		static function listModel(){
			$query= "SELECT * FROM tbl_model md,tbl_brand br WHERE br.brandID=md.brandID";
			$result =mysql_query($query) or die ("listModel: ".mysql_error());
			print ('<table id="hor-zebra">
			<thread><tr>
				<th>ID</th>
				<th>Brand</th>
				<th>Model</th>
				<th colspan="3">Action</th>
			</tr></thread>
			');
			while($row=mysql_fetch_array($result)){
				print('<tbody><tr>
							<td>'.$row['modelID'].'</td>
							<td>'.$row['brandName'].'</td>
							<td>'.$row['modelName'].'</td>
							<td><a href="../admin/update_model.php?modelID='.$row['modelID'].'">Update</a></td>
							<td><a href="../admin/del_model.php?modelID='.$row['modelID'].'">Delete</a></td>
							<td><a href="#">Close</a></td>
							</tr>');}
			print('</tbody></table>');
		}
		//select model
		static function selectModel(){
			$queryBrand= "SELECT * FROM tbl_brand";
			$resultBrand =mysql_query($queryBrand) or die ("selectBrand: ".mysql_error());
			print('<tr><td>Brand name</td><td><select name="brandlID" class="select_info">');
			while($brand=mysql_fetch_array($resultBrand)){
				print('<option value="'.$brand['brandID'].'">'.$brand['brandName'].'</option>');
						
			}print('</td></tr></select>');
			$queryModel="SELECT md.modelID,br.brandID,modelName FROM tbl_model md,tbl_brand br WHERE br.brandID=md.modelID  GROUP BY modelID,brandID,modelName";
				$resultModel =mysql_query($queryModel) or die ("selectModel: ".mysql_error());
				print('<tr><td>Model name</td><td><select name="modelID" class="select_info">');
				WHILE($model=mysql_fetch_array($resultModel)){
				print('<option value="'.$model['modelID'].'">'.$model['modelName'].'</option>');}
				print('</td></tr></select>');	
		}	
		static function selectModels()
		{
			$query="SELECT * FROM tbl_model";
			$result=mysql_query($query)or die("selectModels ".mysql_error());
			print('<select name="modelID" class="select_info">');
			while($row=mysql_fetch_array($result)){
				print('<option name="'.$row['modelID'].'">'.$row['modelName'].'</option>');
			}print('</select>');
		}

		//them Model mới
		static function addModel($modelName,$brandID){
			$modelName=mysql_real_escape_string(trim($modelName));
			$brandID=mysql_real_escape_string(trim($brandID));
			$query="INSERT INTO tbl_model(modelName,brandID)
			VALUES('$modelName',$brandID)";
			$result=mysql_query($query) or die("addModel".mysql_error());
			return $result;
		}
		
		//Xoa model
		static function delModel($modelID){
			$modelID=mysql_real_escape_string(trim($modelID));;
			$query ="DELETE FROM tbl_model WHERE modelID='$modelID'";
			$result=mysql_query($query) or die("delModel: ".mysql_error());
			return $result;
		}
		/*Series*/
				//lấy thông tin series
		/*static function selectSeries(){
			$seriesQuery="SELECT * FROM tbl_series";
			$seriesResult=mysql_query($seriesQuery) or die("selectSeries".mysql_error());
			print('<select name="seriesID" class="select_info">');
			while($series=mysql_fetch_array($seriesResult))
			{
				print('<option value="'.$series['seriesID'].'">'.$series['seriesName'].'</option>');
			}
			print('</select>');
		}
		static function getSeriesInfo($seriesID){
			$query="SELECT * FROM tbl_series WHERE seriesID='$seriesID'";
			$result=mysql_query($query) or die("getSeriesInfo".mysql_error());
			$row=mysql_fetch_array($result);
			return $row;
		}	
		
		//them series mới
		static function addSeries($seriesName){
			$seriesName=mysql_real_escape_string(trim($seriesName));
			$query="INSERT INTO tbl_series(seriesName)VALUES('$seriesName')";
			$result=mysql_query($query) or die("addseries".mysql_error());
			return $result;
		}
		
		//Xoa series
		static function delSeries($seriesID){
			$seriesID=mysql_real_escape_string(trim($seriesID));;
			$query ="DELETE FROM tbl_series WHERE seriesID='$seriesID'";
			$result=mysql_query($query) or die("delSeries: ".mysql_error());
			return $result;
		}
		
		
		/*Product*/
		//lấy thông tin product
		/*static function getProductInfo($productID){
			$query="SELECT * FROM tbl_product pr,tbl_series sr,tbl_model md,tbl_brand br
			WHERE pr.seriesID=sr.seriesID
            and pr.modelID=md.modelID and pr.brandID=br.brandID
			and productID='$productID'
			GROUP BY productID,brandName,modelName,seriesName,price
			";
			$result=mysql_query($query) or die("getproductInfo".mysql_error());
			$row=mysql_fetch_array($result);
			return $row;
		}
		
		static function listProduct(){
			$query= "SELECT productID,brandName,modelName,seriesName,price FROM tbl_product pr,tbl_series sr,tbl_model md,tbl_brand br
			WHERE pr.seriesID=sr.seriesID
            and pr.modelID=md.modelID and pr.brandID=br.brandID
			GROUP BY productID,brandName,modelName,seriesName,price";
			$result =mysql_query($query) or die ("listproduct: ".mysql_error());
			print ('<table id="hor-zebra">
			<thread><tr>
				<td>ID</td>
				<td>Name</td>
				<td>Price</td>
				<td colspan="2">Action</td>
			</tr></thread>
			');
			while($row=mysql_fetch_array($result)){
				print('<tbody><tr>
							<td>'.$row['productID'].'</td>
							<td>'.$row['brandName'].' '.$row['modelName'].' '.$row['seriesName'].'</td>
							<td>'.$row['price'].'</td>
							<td><a href="../admin/update_product.php?productID='.$row['productID'].'">Update</a></td>
							<td><a href="../admin/del_product.php?productID='.$row['productID'].'">Delete</a></td></tr>');}
			print('</tbody></table>');
		}	
		//them Product mới
		static function addProduct($brandID,$modelID,$seriesID,$manHinh,$cpu,$camera,$pin,$price){
			$name=mysql_real_escape_string(trim($name));
			$query="INSERT INTO tbl_product(name)VALUES('$name')";
			$result=mysql_query($query) or die("addproduct".mysql_error());
			return $result;
		}
		//cập nhật Product
		static function updateProduct($productID,$brandID,$modelID,$seriesID,$manHinh,$cpu,$camera,$pin,$price){
			$productID=mysql_real_escape_string(trim($productID));
			$name=mysql_real_escape_string(trim($name));
			$query="UPDATE tbl_product SET name='$name' WHERE productID='$productID'";
			$result=mysql_query($query) or die("updateseries: ".mysql_error());
			return $result;
		}
		//Xoa Product
		static function delProduct($productID){
			$productID=mysql_real_escape_string(trim($seriesID));;
			$query ="DELETE FROM tbl_product WHERE productID='$productID'";
			$result=mysql_query($query) or die("delproduct: ".mysql_error());
			return $result;
		}
		static function getAllInfo(){
			$query="SELECT productID,brandName,modelName,seriesName,price FROM tbl_product pr,tbl_series sr,tbl_model md,tbl_brand br
			WHERE pr.seriesID=sr.seriesID
            and pr.modelID=md.modelID and pr.brandID=br.brandID
			GROUP BY productID,brandName,modelName,seriesName,price";
			$result=mysql_query($query) or die("getproductInfo".mysql_error());
			$row=mysql_fetch_array($result);
			return $row;
		}	
	
		static function showListProduct(){
			$query= "SELECT * FROM tbl_product pr,tbl_model md,tbl_brand br,tbl_series sr WHERE pr.brandID=br.brandID and pr.modelID=md.modelID and pr.seriesID=sr.seriesID";
			$result =mysql_query($query) or die ("showListProduct: ".mysql_error());
			print ('<div id="table">
			<ul>');
			while($row=mysql_fetch_array($result)){
				print('<li class="sp">
					<a href=productDetail.php?productID='.$row['productID'].'>
					<div><img src="../images/'.$row['image'].'.jpg"></div>
					<div><span>'.$row['brandName'].' '.$row['modelName'].' '.$row['seriesName'].'</span></div>
					<div class="price"><span>'.$row['price'].'VND</span></div>
					</a>
				</li>');}
			print('</ul></div>');
		}*/
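	/**
	 * Print an HTML table of all orders joined with their customer, newest first.
	 *
	 * Every database value is HTML-escaped before it is printed: the name columns hold
	 * text that (presumably) customers typed in, and this table is rendered inside the
	 * admin area, so unescaped markup would run in an administrator's session.
	 * The table markup is also corrected (<thead> instead of <thread>, one <tbody>).
	 *
	 * NOTE(review): on query failure die() prints the raw MySQL error to the browser.
	 */
	static function orders(){
		$query="SELECT * FROM tbl_orders, tbl_customer
			WHERE tbl_orders.customerID=tbl_customer.customerID ORDER BY ordersID DESC";
		$result=mysql_query($query) or die("orders".mysql_error());
		print('<table id="hor-zebra">
			<thead><tr>
				<th>Order ID</th>
				<th>Name customer</th>
				<th>Total Price</th>
				<th>Date Add</th>
				<th>Date Modify</th>
				<th>Status</th>
				<th>Action</th>
			</tr></thead>
			<tbody>');
		$rowIndex=0;
		while($row=mysql_fetch_array($result)){
			$orderID=htmlspecialchars($row['ordersID'],ENT_QUOTES,'UTF-8');
			$customer=htmlspecialchars($row['f_name'].' '.$row['l_name'],ENT_QUOTES,'UTF-8');
			$status=htmlspecialchars($row['or_status'],ENT_QUOTES,'UTF-8');
			// Timestamps are shifted by +7h before formatting (GMT+7 display).
			$added=gmdate("d/m/Y H:i A",$row['or_dateAdd']+7*3600);
			// The modify cell stays empty until the order has a modification time.
			$modified='';
			if($row['or_dateModify']>0){
				$modified=gmdate("d/m/Y H:i A",$row['or_dateModify']+7*3600);
			}
			$rowClass=($rowIndex%2==0)?'tr-1':'tr-2';
			print('<tr class="'.$rowClass.'">
							<td>'.$orderID.'</td>
							<td>'.$customer.'</td>
							<td>'.number_format($row['totalPrice'],3).' VND</td>
							<td>'.$added.'</td>
							<td>'.$modified.'</td>
							<td>'.$status.'</td>
							<td><a href="update_orders.php?ordersID='.rawurlencode($row['ordersID']).'">View</a></td>
							</tr>');
			$rowIndex+=1;
		}
		print('</tbody></table>');
	}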
		//check status request customer
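		/**
		 * Fetch one top-up request joined with its customer row.
		 *
		 * $requestID is escaped before it is placed in the quoted SQL literal so that a
		 * quote character in the value cannot change the statement.
		 *
		 * @param mixed $requestID Request identifier.
		 * @return array|false The row from mysql_fetch_array(), or false when nothing matches.
		 */
		static function getRequest($requestID){
			$requestID=mysql_real_escape_string($requestID);
			$query="SELECT *,rq.status,rq.money FROM tbl_request rq, tbl_customer cu WHERE cu.customerID=rq.customerID AND requestID='$requestID'";
			$result=mysql_query($query) or die("orders".mysql_error());
			return mysql_fetch_array($result);
		}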
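		/**
		 * Print an HTML table with the ten newest top-up requests whose status is
		 * 'pendding' (the spelling is the value the query filters on).
		 *
		 * Every database value is HTML-escaped before it is printed, because the name
		 * columns hold text that (presumably) customers supplied and the table is shown
		 * to administrators. The table markup is also corrected (<thead>, one <tbody>).
		 *
		 * NOTE(review): on query failure die() prints the raw MySQL error to the browser.
		 */
		static function listRequest(){
			$query="SELECT *,rq.status,rq.money FROM tbl_request rq, tbl_customer cu WHERE cu.customerID=rq.customerID AND rq.status='pendding' ORDER BY requestID DESC LIMIT 10";
			$result=mysql_query($query) or die("orders".mysql_error());
			print('<table id="hor-zebra">
			<thead><tr>
				<th>Name customer</th>
				<th>Money</th>
				<th>Time</th>
				<th>Status</th>
				<th>Edit</th>
			</tr></thead>
			<tbody>');
			$rowIndex=0;
			while($row=mysql_fetch_array($result)){
				$customer=htmlspecialchars($row['f_name'].' '.$row['l_name'],ENT_QUOTES,'UTF-8');
				$status=htmlspecialchars($row['status'],ENT_QUOTES,'UTF-8');
				// Timestamps are shifted by +7h before formatting (GMT+7 display).
				$when=gmdate("d/m/Y H:i A",$row['time']+7*3600);
				$rowClass=($rowIndex%2==0)?'tr-1':'tr-2';
				print('<tr class="'.$rowClass.'">
							<td>'.$customer.'</td>
							<td>'.number_format($row['money'],3,".",".").' VND</td>
							<td>'.$when.'</td>
							<td>'.$status.'</td>
							<td><a href="update_request.php?requestID='.rawurlencode($row['requestID']).'">Update</a></td>
							</tr>');
				$rowIndex+=1;
			}
			print('</tbody></table>');
		}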
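		/**
		 * Set the status of a top-up request and add $money to the balance of its customer.
		 *
		 * Changes against the earlier version:
		 *  - the multi-table UPDATE had no condition linking tbl_customer to the request,
		 *    so the new balance was written to every customer row. The statement is now
		 *    limited to the customer that owns the request and that matches $customerID;
		 *    if the two disagree nothing is updated.
		 *  - the balance is incremented inside the statement instead of being read in PHP
		 *    and written back, so two concurrent updates cannot overwrite each other.
		 *  - all four values are escaped and written as quoted literals.
		 *
		 * NOTE(review): the amount is credited whatever $status is, and calling this twice
		 * for the same request credits twice. Whether the caller guards against that is
		 * not visible from this file.
		 *
		 * @param mixed  $customerID Customer expected to own the request.
		 * @param mixed  $requestID  Request to update.
		 * @param mixed  $money      Amount to add to the customer's balance.
		 * @param string $status     New request status.
		 * @return mixed Result of mysql_query().
		 */
		static function updateRequest($customerID,$requestID,$money,$status){
			$customerID=mysql_real_escape_string($customerID);
			$requestID=mysql_real_escape_string($requestID);
			$money=mysql_real_escape_string($money);
			$status=mysql_real_escape_string($status);
			$query="UPDATE tbl_request rq,tbl_customer cu
				SET rq.status='$status',cu.money=cu.money+'$money'
				WHERE rq.requestID='$requestID'
				AND cu.customerID=rq.customerID
				AND cu.customerID='$customerID'";
			$result=mysql_query($query) or die("orders".mysql_error());
			return $result;
		}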
		
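		/**
		 * Delete the tbl_request row with the given requestID.
		 *
		 * $requestID is escaped before it is placed in the quoted SQL literal; in a DELETE
		 * an altered WHERE clause could remove every row of the table.
		 *
		 * @param mixed $requestID Request to remove.
		 * @return mixed Result of mysql_query().
		 */
		static function delRequest($requestID){
			$requestID=mysql_real_escape_string($requestID);
			$query="DELETE FROM tbl_request WHERE requestID='$requestID'";
			$result=mysql_query($query) or die("orders".mysql_error());
			return $result;
		}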
	}
?>